Potential double free on malloc failure in opj_j2k_copy_default_tcp_and_create_tcp()

[gcode-importer]

Originally reported on Google Code with ID 492

The opj_j2k_copy_default_tcp_and_create_tcp() function memcpy's a top-level
struct, and then replaces pointers to memory owned by the original struct
with new blocks of memory. Unfortunately, an early return can leave the
copy with pointers to memory it doesn't own, which causes problems when
cleaning up the partially-initialized struct.

The issue was found downstream in https://code.google.com/p/chromium/issues/detail?id=486538

A proposed patch is attached.

Reported by tsepez@chromium.org on 2015-05-18 22:41:08

---

- _Attachment: [jpeg.diff](https://storage.googleapis.com/google-code-attachments/openjpeg/issue-492/comment-0/jpeg.diff)_

[gcode-importer]

Thanks for the patch.

Reported by mayeut on 2015-05-19 21:39:20

• Status changed: Started

[gcode-importer]

This issue was closed by revision r3002.

Reported by mayeut on 2015-05-19 21:57:33

• Status changed: Fixed